Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

request #10181: Domain name equivalence is not verified properly in the CSRF protection of the REST API

Download Browse

When checking the equivalence of domain names, the comparaison must be case independent and take care of internationalized domain name [1]. [1] https://tools.ietf.org/html/rfc5890#section-2.3.2.4 Change-Id: I5d30152f923c9e81aa93cb74015897ba2d70c7eb

+32 −5
Thomas Gerbet (tgerbet) 2017-04-24 21:43
Thomas Gerbet (tgerbet) 2017-04-24 21:49
a0d2c3de932f7d8fadb343a16927508dcaac59d9
1a8d1d502af568e493811fefe938afd18c296cd4
git #tuleap/stable/a0d2c3de932f7d8fadb343a16927508dcaac59d9

Modified Files

Side by side diff
Inline diff
Name
M src/common/REST/GateKeeper.class.php +2 −2 Go to diff View file
M tests/simpletest/common/REST/GateKeeperTest.php +28 −1 Go to diff View file
M tools/rpm/tuleap.rhel6.spec +1 −1 Go to diff View file
M tools/rpm/tuleap.rhel7.spec +1 −1 Go to diff View file